コード例 #1
    def _verify_key(self) -> None:
        """
        Check the connected server's host key against the known hosts file

        The target host is resolved through `SSHKnownHosts.lookup`; the stored base64 public key
        must equal the base64 key reported by the open session, otherwise the check fails.

        Args:
            N/A

        Returns:
            None

        Raises:
            ScrapliConnectionNotOpened: if session is unopened/None
            ScrapliAuthenticationFailed: if host is not in known hosts
            ScrapliAuthenticationFailed: if host is in known hosts but public key does not match

        """
        if not self.session:
            raise ScrapliConnectionNotOpened

        known_hosts = SSHKnownHosts(self.plugin_transport_args.ssh_known_hosts_file)
        target_host = self._base_transport_args.host
        known_entry = known_hosts.lookup(target_host)

        # an empty lookup result means there is no entry for this host: reject, never accept
        if not known_entry:
            raise ScrapliAuthenticationFailed(f"{target_host} not in known_hosts!")

        presented_key = self.session.get_remote_server_key().get_base64()

        # exact string comparison of the stored and presented base64 key blobs
        if known_entry["public_key"] == presented_key:
            return

        raise ScrapliAuthenticationFailed(
            f"{target_host} in known_hosts but public key does not match!"
        )
コード例 #2
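    def _verify_key_value(self) -> None:
        """
        Compare the server's host key with the known hosts entry for the target host

        Args:
            N/A

        Returns:
            None

        Raises:
            ScrapliConnectionNotOpened: if session is unopened/None
            ScrapliAuthenticationFailed: if the remote server key cannot be gleaned from the
                session, if there is no usable known hosts entry for the host, or if the host is
                in known hosts but the public key does not match

        """
        if not self.session:
            raise ScrapliConnectionNotOpened

        known_hosts = SSHKnownHosts(self.plugin_transport_args.ssh_known_hosts_file)
        known_host_public_key = known_hosts.lookup(self._base_transport_args.host)

        remote_server_key = self.session.get_server_host_key()
        if remote_server_key is None:
            raise ScrapliAuthenticationFailed(
                f"failed gleaning remote server ssh key for host {self._base_transport_args.host}"
            )

        # second whitespace-separated field of the exported key is used as the base64 key blob
        remote_public_key = remote_server_key.export_public_key().split()[1].decode()

        # lookup() can come back empty for an unknown host; indexing that would surface as a bare
        # KeyError, so reject with the documented exception instead. An empty stored key is also
        # rejected here, so it can never compare equal to anything.
        expected_public_key = (known_host_public_key or {}).get("public_key")
        if not expected_public_key:
            raise ScrapliAuthenticationFailed(
                f"{self._base_transport_args.host} not in known_hosts!"
            )

        if expected_public_key != remote_public_key:
            raise ScrapliAuthenticationFailed(
                f"{self._base_transport_args.host} in known_hosts but public key does not match!"
            )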
コード例 #3
    def _verify_key(self) -> None:
        """
        Check the connected server's host key against the known hosts file

        The host must be a key of the parsed `hosts` mapping and its stored public key must equal
        the base64 encoding of the key the session reports.

        Args:
            N/A

        Returns:
            N/A  # noqa: DAR202

        Raises:
            KeyVerificationFailed: if public key verification fails

        """
        host_entries = SSHKnownHosts(self.ssh_known_hosts_file).hosts

        # plain dict membership on the host string
        # NOTE(review): presumably hashed known_hosts entries are not matched this way -- confirm
        if self.host not in host_entries:
            raise KeyVerificationFailed(f"{self.host} not in known_hosts!")

        # element 0 of the hostkey() result is treated as the raw key bytes
        raw_server_key = self.session.hostkey()[0]
        remote_public_key = base64.b64encode(raw_server_key).decode()

        if host_entries[self.host]["public_key"] == remote_public_key:
            return

        raise KeyVerificationFailed(f"{self.host} in known_hosts but public key does not match!")
コード例 #4
ファイル: miko.py プロジェクト: scrapli/scrapli_paramiko
    def _verify_key(self) -> None:
        """
        Check the connected server's host key against the known hosts file

        Args:
            N/A

        Returns:
            N/A  # noqa: DAR202

        Raises:
            KeyVerificationFailed: if host is not in known hosts
            KeyVerificationFailed: if host is in known hosts but public key does not match

        """
        host_entries = SSHKnownHosts(self.ssh_known_hosts_file).hosts

        # unknown hosts are rejected outright; nothing is added to the known hosts data here
        if self.host not in host_entries:
            raise KeyVerificationFailed(f"{self.host} not in known_hosts!")

        presented_key = self.session.get_remote_server_key().get_base64()
        stored_key = host_entries[self.host]["public_key"]

        # exact string comparison of the stored and presented base64 key blobs
        if stored_key == presented_key:
            return

        raise KeyVerificationFailed(f"{self.host} in known_hosts but public key does not match!")
コード例 #5
ファイル: transport.py プロジェクト: hariram32/scrapli
    def _verify_key(self) -> None:
        """
        Check the connected server's host key against the known hosts file

        Args:
            N/A

        Returns:
            None

        Raises:
            ScrapliConnectionNotOpened: if session is unopened/None
            ScrapliAuthenticationFailed: if public key verification fails

        """
        if not self.session:
            raise ScrapliConnectionNotOpened

        host_entries = SSHKnownHosts(self.plugin_transport_args.ssh_known_hosts_file).hosts
        target_host = self._base_transport_args.host

        # plain dict membership on the host string; a host without an entry is rejected
        if target_host not in host_entries:
            raise ScrapliAuthenticationFailed(f"{target_host} not in known_hosts!")

        # element 0 of the hostkey() result is treated as the raw key bytes
        key_bytes, *_ = self.session.hostkey()
        # encodebytes wraps its output with newlines; strip them to get a single-line base64 string
        remote_public_key = b"".join(base64.encodebytes(key_bytes).split(b"\n")).decode()

        if host_entries[target_host]["public_key"] == remote_public_key:
            return

        raise ScrapliAuthenticationFailed(
            f"{target_host} in known_hosts but public key does not match!"
        )
コード例 #6
    def _verify_key(self) -> None:
        """
        Confirm the target host has an entry in the known hosts file

        Only the presence of an entry is checked here; the key itself is not compared.
        NOTE(review): presumably a separate key-value check runs after this one -- confirm the
        caller never treats this check alone as host key verification.

        Args:
            N/A

        Returns:
            None

        Raises:
            ScrapliAuthenticationFailed: if host is not in known hosts

        """
        target_host = self._base_transport_args.host
        known_entry = SSHKnownHosts(self.plugin_transport_args.ssh_known_hosts_file).lookup(
            target_host
        )

        if known_entry:
            return

        raise ScrapliAuthenticationFailed(f"{target_host} not in known_hosts!")
コード例 #7
    def _verify_key(self) -> None:
        """
        Confirm the target host has an entry in the known hosts file

        Only the presence of an entry is checked here; the key itself is not compared.
        NOTE(review): presumably a separate key-value check runs after this one -- confirm the
        caller never treats this check alone as host key verification.

        Args:
            N/A

        Returns:
            N/A  # noqa: DAR202

        Raises:
            KeyVerificationFailed: if host is not in known hosts

        """
        host_entries = SSHKnownHosts(self.ssh_known_hosts_file).hosts

        if self.host in host_entries:
            return

        raise KeyVerificationFailed(f"{self.host} not in known_hosts!")
コード例 #8
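    def _verify_key_value(self) -> None:
        """
        Compare the server's host key with the known hosts entry for the target host

        Args:
            N/A

        Returns:
            N/A  # noqa: DAR202

        Raises:
            KeyVerificationFailed: if the remote server key cannot be gleaned from the session, if
                there is no usable known hosts entry for the host, or if the host is in known
                hosts but the public key does not match

        """
        known_hosts = SSHKnownHosts(self.ssh_known_hosts_file)

        remote_server_key = self.session.get_server_host_key()
        # without a host key there is nothing to verify: fail with the verification exception
        # instead of an AttributeError on None
        if remote_server_key is None:
            raise KeyVerificationFailed(
                f"failed gleaning remote server ssh key for host {self.host}"
            )

        # second whitespace-separated field of the exported key is used as the base64 key blob
        remote_public_key = remote_server_key.export_public_key().split()[1].decode()

        # do not rely on an earlier presence check: a missing host or an entry without a key is a
        # verification failure, not a KeyError
        known_host_entry = known_hosts.hosts.get(self.host) or {}
        expected_public_key = known_host_entry.get("public_key")
        if not expected_public_key:
            raise KeyVerificationFailed(f"{self.host} not in known_hosts!")

        if expected_public_key != remote_public_key:
            raise KeyVerificationFailed(
                f"{self.host} in known_hosts but public key does not match!")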
コード例 #9
def test_init_ssh_known_hosts_file_explicit():
    """An explicitly given known hosts path is read and its raw text kept on the object."""
    known_hosts_path = f"{TEST_DATA_DIR}/files/_ssh_known_hosts"
    loaded = SSHKnownHosts(known_hosts_path)
    with open(known_hosts_path, "r") as handle:
        expected_text = handle.read()
    assert loaded.ssh_known_hosts == expected_text
コード例 #10
def test_init_ssh_known_hosts_file_exceptions():
    """A non-str known hosts path is rejected with a descriptive TypeError."""
    expected_message = "`ssh_known_hosts_file` expected str, got <class 'NoneType'>"
    with pytest.raises(TypeError) as raised:
        SSHKnownHosts(None)
    assert str(raised.value) == expected_message
コード例 #11
def test_init_ssh_known_hosts_file_no_hosts():
    """A file that holds no host entries parses to an empty hosts mapping."""
    # a Python source file stands in for a known hosts file with nothing parseable in it
    file_without_hosts = f"{UNIT_TEST_DIR}__init__.py"
    parsed = SSHKnownHosts(file_without_hosts)
    assert parsed.hosts == {}
コード例 #12
def test_init_ssh_known_hosts_file_no_hosts(test_data_path):
    """A file that holds no host entries parses to an empty hosts mapping."""
    # a Python source file stands in for a known hosts file with nothing parseable in it
    file_without_hosts = f"{test_data_path}/files/__init__.py"
    parsed = SSHKnownHosts(file_without_hosts)
    assert parsed.hosts == {}
コード例 #13
def test_known_host_lookup_bad_host(real_ssh_known_hosts_file_path):
    """Looking up a host with no entry returns an empty dict rather than raising."""
    unknown_host = "bad.host"
    result = SSHKnownHosts(real_ssh_known_hosts_file_path).lookup(unknown_host)
    # callers must treat this empty result as "not trusted"
    assert result == {}
コード例 #14
def test_known_host_lookup_exact_host_hashed(real_ssh_known_hosts_file_path):
    """A host that only has a hashed known hosts entry is still found by lookup()."""
    target_host = "172.18.0.11"
    parsed = SSHKnownHosts(real_ssh_known_hosts_file_path)
    # drop the plain-text entry from the loaded dict so only the hashed entry can match
    parsed.hosts.pop(target_host)
    assert parsed.lookup(target_host) != {}
コード例 #15
def test_known_host_lookup_exact_host(real_ssh_known_hosts_file_path):
    """A host present in the known hosts file yields a non-empty lookup result."""
    target_host = "172.18.0.11"
    result = SSHKnownHosts(real_ssh_known_hosts_file_path).lookup(target_host)
    assert result != {}
コード例 #16
def test_init_ssh_known_hosts_file_no_config_file(fs):
    """An empty path string yields an object with no host entries."""
    # `fs` is requested only for its fixture effect; presumably a fake filesystem -- confirm
    empty_path = ""
    parsed = SSHKnownHosts(empty_path)
    assert parsed.hosts == {}
コード例 #17
def test_init_ssh_known_hosts_file_no_hosts():
    """A file that holds no host entries parses to an empty hosts mapping."""
    # a Python source file stands in for a known hosts file with nothing parseable in it
    file_without_hosts = f"{TEST_DATA_DIR}/files/__init__.py"
    parsed = SSHKnownHosts(file_without_hosts)
    assert parsed.hosts == {}
コード例 #18
def test_init_ssh_known_hosts_file_explicit(real_ssh_known_hosts_file_path):
    """An explicitly given known hosts path is read and its raw text kept on the object."""
    loaded = SSHKnownHosts(real_ssh_known_hosts_file_path)
    with open(real_ssh_known_hosts_file_path, "r") as handle:
        expected_text = handle.read()
    assert loaded.ssh_known_hosts == expected_text